Issues with Cisco 871 Router

[litakbd]

I've configured a Cisco 871W router with the tunnel configuration from the create tunnel page.  The modem is passing the IP address to the WAN port on the router.  I've verified that the tunnel is up:
Tunnel0 is up, line protocol is up
 Hardware is Tunnel
 Description: Hurricane Electric IPv6 Tunnel Broker
 MTU 17920 bytes, BW 100 Kbit/sec, DLY 50000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation TUNNEL, loopback not set
 Keepalive not set
 Tunnel source 99.54.133.206 (FastEthernet4), destination 209.51.181.2
  Tunnel Subblocks:
     src-track:
        Tunnel0 source tracking subblock associated with FastEthernet4
         Set of tunnels with source FastEthernet4, 1 member (includes iterators), on interface <OK>
 Tunnel protocol/transport IPv6/IP
 Tunnel TTL 255
 Tunnel transport MTU 1480 bytes
 Tunnel transmit bandwidth 8000 (kbps)
 Tunnel receive bandwidth 8000 (kbps)
 Last input 00:36:32, output 00:23:01, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3
 Queueing strategy: fifo
 Output queue: 0/0 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
    6039 packets input, 724432 bytes, 0 no buffer
    Received 0 broadcasts (0 IP multicasts)
    0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    6191 packets output, 499736 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 unknown protocol drops
    0 output buffer failures, 0 output buffers swapped out

When I try to ping the router side of the tunnel from the internet I can see the traffic crossing the tunnel and the router replying the the ping fails:

Mar 23 17:27:34: Tunnel0: IPv6/IP to classify 209.51.181.2->99.54.133.206 (tbl=0,"default" len=100 ttl=246 tos=0x0) ok, oce_rc=0x1
Mar 23 17:27:34: Tunnel0: IPv6/IP (PS) to decaps 209.51.181.2->99.54.133.206 (tbl=0, "default", len=100, ttl=246)
Mar 23 17:27:34: Tunnel0: decapsulated IPv6/IP packet (len 100)
Mar 23 17:27:34: ICMPv6: Received echo request, Src=2001:1AF8:4200:B000:20C:29FF:FE6B:49D2, Dst=2001:470:1F10:D9F::2
Mar 23 17:27:34: Tunnel0: IPv6/IP encapsulated 99.54.133.206->209.51.181.2 (linktype=79, len=100)
Mar 23 17:27:34: Tunnel0 count tx, adding 20 encap bytes
Mar 23 17:27:34: ICMPv6: Sent echo reply, Src=2001:470:1F10:D9F::2, Dst=2001:1AF8:4200:B000:20C:29FF:FE6B:49D2


It's as if the router doesn't know how to get back.  From the router I'm unable to ping the other side of the tunnel.

Here is the config that I'm using.  Maybe I'm over looking something.

version 15.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname lab-ipv6-gw01
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.151-3.T.bin
boot-end-marker
!
!
logging buffered 8192
!
no aaa new-model
!
memory-size iomem 20
clock timezone EST -5 0
clock summer-time EDT recurring
crypto pki token default removal timeout 0
!
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
ipv6 address 2001:470:C2F2::1/48
ipv6 enable
!
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:470:1F10:D9F::2/64
ipv6 enable
tunnel source FastEthernet4
tunnel mode ipv6ip
tunnel destination 209.51.181.2
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN Link Interface
ip address dhcp
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.200.49 255.255.255.0
ipv6 address 2001:470:1F11:D9F::1/64
ipv6 enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 10.0.0.0 255.0.0.0 192.168.200.254
ip route 172.16.0.0 255.240.0.0 192.168.200.254
ip route 192.168.0.0 255.255.0.0 192.168.200.254
!
logging esm config
ipv6 route ::/0 Tunnel0
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
session-timeout 15
access-class 129 in
exec-timeout 15 0
privilege level 15
logging synchronous
login
transport input telnet
!
scheduler max-task-time 5000

end

The router is running Advance IP Services 15.1.3T code.
I've also configured a 1751 with an ADSL WIC, running 12.3.6, and get the same results.
AT&T is the DSL provider and our account team swears they are not blocking any thing since it is a business DSL account.

Any ideas?

[UltraZero]

Oh boy.  let me jump in on the AT&T issue. 

I spend roughly 2 months trying to get the AT&T issue resolved.  Now. I don't know where  you are, but, Iam out of state.  I talked to Tae at HE.net and we were talking for some time with this isssue.

My neighbor is a manager with AT&T and she got me a return call from texas which is where the Network Operation is located.  The told me they were blocking Protocol 41.

I did notice in your config, you reference a fastethernet port and not an IP address.  (Maybe you didn't want to mention the IP address.  If that is what you are doing, then no problem I understand, otherwise, on my Cisco routers, I had to input an actual IP address.)

Back to ATT, So I called up my local Cable internet company.  The install was the following morning.  No BS 1 to 2 week wait.  After that installl, I kept my same config.  The only thing I changed was the authentication to connect to them and my connection up in a matter of seconds. 

Here was my kicker.  Double check....

The IP address for your interface which is associated with your tunnel has an IP address.  I think it was 99.something.  That IP address needs to be the same address listed at HE.net.  There is a configuration page which gives you your IPv6 address.  Make sure the address (Your Interface source) is the noted on their end. 

After I corrected this, my tunnel came online immediately. 

So, (I still have the DSL Connection seeing I am always dropping the Cable connection for config changes and it drives my wife nuts, we are keeping it for a while) I decided to double check to see if me forgetting to keep the configurations the same.  I swung my net connection back over to AT&T, checked the DHCP address I was given and forwarded it to HE.net.

Sure as it is cold outside, I still could not connect.

Now the other thing you might want to look into is the modem.

Some state the problem is there.  I have a Speedstream 5100.  I can't find any docs on the command line for the unit. I am actually dying to put this into (bridge Mode)  I've been hearing bridge mode works and will possibly fix the problem.  I could not try it because I was afraid I could not get the modem back to the original mode seeing there was not any instruction on how to configure the medem.  AT&T put their own code in the unit and I can't find any instruction anywhere so, I didn't touch it.

I did go out and purchase a new modem and had the same problem (Not being able to put it into bridge mode meaning) I searched for another Dlink (Yuck) because that was all I could find at Fry's.

Anyway, if you have any questions I hope I can help seeing is I have gone through a lot of issues with AT&Ts DSL.

Some folks say theirs work.  If you have a Speedstream modem, I suggest finding another modem and testing.  (NO DLINK)

Some of the cable companies will give you a month to month contract.  Mine was 79.00 for 1 month which included install.  My installer was pretty cool.  Give me extra connectors in case I wanted to reduce the length of wire he left behind.  I have about an extra 30 feet of cable just in case I want to move my router. (I have crimpers/cutters/network tools galore so no problem there and since I've been doing this for a long time, I use to install Coax RG-58au cable long time ago.   


BTW -for security purposes, edit your post and remove all or create fake hashed passwords.  Even if encrypted, it can be hacked.  Also remove all or create fake ip addresses on all external interfaces.  You are simply advertising
where you are and a way to hack into your network.

BTW - if anyone want to if I am kidding, I found this much out.  I have been asking questions about IPv6.  Come to find out, the questions have shown up in Google searches.


Also, what is the speed of your DSL connection.  IF you have a 6mbps connection, are you getting around 5 with the router you have.  I am curious.  I have a 2650XM and my connection is 12mbps.  I am only seeing around 6mbps or lower.  8mbps if I am lucky.  I think with all of the ACLs and DHCP that is running on the unit, it's slowing it down alot.  I am thinking of upgrading to a 28xx series if I can find one cheap enough.  I would also like to go to 18mbps.  Anyway.  Check and confirm the items above.  Write back.

As you might notice, I enjoy chatting and if I can help, I will.

Ah lastly, what happens if  you do a traceroute to he.net via IPv4 and with IPv6.  Is the IPv6 not producing any output??



See ya.

[mindlesstux]

Gonna feed the troll a little...

Which AT&T region are you both in?  Here in NC on the old bellsouth network and on the u-verse network (both residential accounts), I got the tunnel working on several pieces of hardware.  2-Wire, Westel & ZyTel modems with the C871 & MikroTik routers.  Just have to bridge/"Full DMZ" to the router and it passes along fine.

I dont see an issue with the configuration but I'll go dig up the old C871 config I had from 12.3T (? I think), if I still have it.

[litakbd]

UltraZero,
For the Tunnel interface, I originally had the IP address for the tunnel source but changed it to the fastethernet interface so if/when the IP address changes, the tunnel will be using the correct IP address.

I've also used a Cisco 1751 router that has a WIC-1ADSL, eliminating the Speedstream modem, with the same results.

The speed of the DSL is 384k up/down.  Both routers can ping and traceroute to the IPv4 addresses, but timeout when trying IPv6.

Thanks for the security tips ... the config has been modified.

Mindlesstux,
I'm in Michigan.  The DSL service is AT&T's business service and they claim that they support IPv6 and nothing is being blocked.
Currently, I'm working on the C871W which is running 15.1.3T code.

[UltraZero]

Good day. Im in Nevada.  I have gotten conflicting stories about DSL.

I had to rewrite what I originally said (was about a page long)  Seeing Is most things said are basically captured via Google, I will say this.

Many calls to Tech support were made to AT&T and 99 percent of the people didn't know what IPv6 was.  This includes their internal techs.  One guy actually knew what I was talking about and told me he and his department could not gain access to folks that made changes to the routers in order to ask questions.  Even if a service ticket was sent to them, unless a corporate customer called, and even still, the question might not get answered.  He new a person who was  in the department.  He promised he would call me back.  He did.  Every time he heard something, he would call.  (This guy was great) He said he wanted to know the answer for himself as well because he wanted to be in that department.  So, He said they are not from his contact.  Then texas called.  Military type call, under 1 minute, only yes or no answers.  We can not confirm (you now the rest) But, he said they were blocking protocol 41. 

Now, right after that call, the first confirmation of a DSL user answered my question and that was a tech at HE.net.  He has it and is using it.  From there after, I find some people are using it and have their modems set to bridge mode.

I came across an individual who started where I was, had basically the same config and he all together
said I am not going to wait 3 weeks for the answer and called his local cable company, installed cable internet and was up and running the next day. 

So, with the amount of different modems, ATT uses and with the fact there isn't any documentation to drop their modem to bridge mode to confirm this, it's a little hard to try to work with this issue.  I even went and spent 50 bucks on a dlink modem.  Come to find out, it would not drop to bridge mode and I got the same results.   I could not get the tunnel to work with Win/7 or with my router.  The second I switch providers, (still have the DSL) the IPv6 issue went away. 

I am stuck with another issue with my PIX trying to get it to allow IPv6 traffic, but, that is another problem.  (I wish I could get some help on that topic  ;D ;D ;D  )

[mindlesstux]

UltraZero,

I use to work BellSouth helpdesk several years ago when speedstreams were still in use.  I know it can be bridged, just hope the dsl provider you got the modem from at the time did not lock down the firmware.

A quick little google search dug this up, but its a GUI method, your trying to do CLI?
http://www.dslreports.com/faq/sbc/3.1_Speedstream_5100#8722

As to the original poster, when I get home I'll be checking my offline backup drives for that cisco config.

[UltraZero]

Yes.  ATT overlayed a new operating system in the unit.  I can't find any documentation on the
command line interface.  I did read somewhere if you drop to bridge mode, a factory reset won't get you back to original GUI mode.  If it did, I would have tried it long time ago.  I didn't want to get stuck and then have to buy another unit.  Funny though, I just remembered I have an older Alcotel  (something like that) DSL modem from the mid 1990s.  I wonder if I can find info on it.

Another project..

BTW what are  you running to connect to the internet. I am looking to talk to someone who has a fast connection to the internet via cable.  Something as fast as 24Mbps or higher.